-3

I have a site where I display charts using JS data. I don't want other people to copy my source (meaning have them copy paste my html/JS, etc.). I have seen other websites with charts and if you view the source there is no data there. Are they doing something sneaky? How do I do that? Can you run it on the server side? Can you put it in another file and reference that one? I have the JS linked from an external file but you can still see all the a data in that one if you open it. What is the best way to keep the data from appearing in the source file? I'm not talking about obfuscating it.

coolmusic
  • 3
  • 1

2 Answers2

3

You can't hide your JavaScript since it has to execute client side. You can move all your js to external files, but that will not really hide it since someone can just reference the same files.

Basically the key point is that nothing done in JavaScript can be kept a secret from a skilled developer. JavaScript is inherently in plain text.

TGH
  • 38,769
  • 12
  • 102
  • 135
3

Please read this related post:

This thread: How do I hide javascript code in a webpage?

Basically, if a web browser can read it, the end user can access it.

If you wanted to really make it more work to view the source, you would do all of the following:

  • Put it in an external .js file.

  • Obfuscate the file so that most native variable names are replaced with short versions, so that all unneeded whitespace is removed, so it can't be read without further processing, etc...

  • Dynamically include the .js file by programmatically adding script
    tags (like Google Analytics does). This will make it even more
    difficult to get to the source code from the View Source command as
    there will be no easy link to click on there.

  • Put as much interesting logic that you want to protect on the server that you retrieve via ajax calls rather than do local processing.

Community
  • 1
  • 1
Nicholas Hazel
  • 3,758
  • 1
  • 22
  • 34
  • People who are put off by the above tactics are likley not the people the OP is worried about. Keeping sensitive data on the server is a more secure solution. – RobG Jan 21 '14 at 06:19
  • Then render with PHP or some server side code to dish the solution. He asked about HTML and JS, I answered it :-) – Nicholas Hazel Jan 21 '14 at 06:23
  • @NicholasHazel is there an easy way to do it with ajax? I don't want to obfuscate if I don't have to because I update the file every day with new data and that would require another step. Right now I have an external JS file for the chart. – coolmusic Jan 21 '14 at 17:01
  • I'm not too familiar with AJAX from a server side perspective, and utilizing a GET post is going to be just as vulnerable as hard-coding the script into your HTML. – Nicholas Hazel Jan 21 '14 at 18:46